US11907410B2ActiveUtilityA1

Method and device for managing storage system

65
Assignee: EMC IP HOLDING CO LLCPriority: Apr 17, 2017Filed: Jul 22, 2021Granted: Feb 20, 2024
Est. expiryApr 17, 2037(~10.8 yrs left)· nominal 20-yr term from priority
G06F 21/78G06F 3/062G06F 3/0689G06F 12/0238G06F 21/6227G09C 1/00H04L 9/0877G06F 2212/1052G06F 2212/402
65
PatentIndex Score
0
Cited by
263
References
18
Claims

Abstract

Implementations of the present disclosure relate to method and device for managing a storage system. The method comprises in response to receiving a write request at a storage system, determining whether storage units allocated to a logic storage unit of the storage system are sufficient for data associated with the write request. The method also comprises in response to determining that the allocated storage units are insufficient, allocating a new storage unit to the logic storage unit. The method further comprises updating metadata associated with allocation of the storage units of the storage system, the metadata indicating a mapping between the logic storage unit and the storage units. The method also comprises encrypting the updated metadata. Other implementations of the present disclosure also involve corresponding method, device and computer-readable medium for decryption metadata and recovering the logic storage unit using the decrypted metadata.

Claims

exact text as granted — not AI-modified
We claim: 
     
       1. A method of managing a storage system, comprising:
 providing a plurality of slices of continuously-addressable storage space, the slices having uniform size and constructed from a set of RAID (Redundant Array of Independent Disks) arrays; 
 creating allocation metadata that specifies mappings between the plurality of slices and respective ranges within a sparse volume of a support layer, the allocation metadata enabling the slices to be located in response to data access requests corresponding to the respective ranges of the sparse volume; and 
 protecting data stored in the plurality of slices by encrypting the allocation metadata, said encrypting preventing data access to the slices and user data stored therein unless an encryption key is provided, 
 wherein the storage system includes a file-system layer, wherein the method further comprises storing file-system-mapping metadata between a file in the file system layer and the support layer, the file-system-mapping metadata being finer-grained than the allocation metadata, and wherein protecting the data stored in the plurality of slices is performed without encrypting the file-system-mapping metadata. 
 
     
     
       2. The method of  claim 1 , wherein encrypting the allocation metadata includes encrypting allocation metadata created for a first slice of the plurality of slices when allocating the first slice, wherein allocating the first slice is in response to a first write request, and wherein the method further comprises writing data to the first slice in response to a second write request without further encrypting the allocation metadata created for the first slice. 
     
     
       3. The method of  claim 2 , wherein the first storage unit has a size, and wherein the method further comprises writing additional data to the first slice, without further encrypting the allocation metadata for the first slice, in response to a set of additional write requests that do not cause a total amount of data written to the first slice to exceed the size of the first slice. 
     
     
       4. The method of  claim 2 , further comprising writing a set of data to the first slice without encrypting the set of data. 
     
     
       5. The method of  claim 2 , wherein creating the allocation metadata includes providing the allocation metadata redundantly in multiple respective locations in the storage system. 
     
     
       6. The method of  claim 5 , wherein protecting the data stored in the plurality of slices includes encrypting the allocation metadata at each of the respective locations. 
     
     
       7. The method of  claim 5 , wherein at least one of the respective locations is a slice that is dedicated to metadata and does not contain user data, and wherein at least one other of the respective locations is a slice that contains user data. 
     
     
       8. The method of  claim 1 , wherein protecting the data stored in the plurality of slices includes encrypting allocation metadata for each of the plurality of slices upon first writes that cause the respective slices to be allocated but not upon subsequent writes to already-allocated slices. 
     
     
       9. The method of  claim 1 , wherein a file system having file-system metadata is built upon the sparse volume, and wherein encrypting the allocation metadata is performed without encrypting the file-system metadata. 
     
     
       10. The method of  claim 1 , wherein accessing the protected data requires decrypting the encrypted allocation metadata. 
     
     
       11. A storage system, comprising control circuitry that includes a set of processing units coupled to memory, the control circuitry constructed and arranged to:
 provide a plurality of slices of continuously-addressable storage space, the slices having uniform size and constructed from a set of RAID (Redundant Array of Independent Disks) arrays; 
 create allocation metadata that specifies mappings between the plurality of slices and respective ranges within a sparse volume of a support layer, the allocation metadata enabling the slices to be located in response to data access requests corresponding to the respective ranges of the sparse volume; and 
 protect data stored in the plurality of slices by encrypting the allocation metadata, said encrypting preventing data access to the slices and user data stored therein unless an encryption key is provided, 
 wherein the storage system includes a file-system layer, wherein the control circuitry is further constructed and arranged to store file-system-mapping metadata between a file in the file system layer and the support layer, the file-system-mapping metadata being finer-grained than the allocation metadata, and wherein the control circuitry is constructed and arranged to protect the data stored in the plurality of slices without encrypting the file-system-mapping metadata. 
 
     
     
       12. A computer program product including a set of non-transitory, computer-readable media having instructions which, when executed by control circuitry of a storage system, cause the storage system to perform a method, comprising:
 providing a plurality of slices representing respective extents of continuously-addressable storage space, the slices having uniform size and constructed from a set of RAID (Redundant Array of Independent Disks) arrays; 
 creating allocation metadata that specifies mappings between the plurality of slices and respective ranges within a sparse volume of a support layer, the allocation metadata enabling the slices to be located in response to data access requests corresponding to the respective ranges of the sparse volume; and 
 protecting data stored in the plurality of slices by encrypting the allocation metadata, said encrypting preventing data access to the slices and user data stored therein unless an encryption key is provided, 
 wherein the storage system includes a file-system layer, wherein the method further comprises storing file-system-mapping metadata between a file in the file system layer and the support layer, the file-system-mapping metadata being finer-grained than the allocation metadata, and wherein protecting the data stored in the plurality of slices is performed without encrypting the file-system-mapping metadata. 
 
     
     
       13. The computer program product of  claim 12 , wherein encrypting the allocation metadata includes encrypting allocation metadata created for a first slice of the plurality of slices when allocating the first slice, wherein allocating the first slice is in response to a first write request, and wherein the method further comprises writing data to the first slice in response to a second write request without further encrypting the allocation metadata created for the first slice. 
     
     
       14. The computer program product of  claim 13 , wherein the first slice has a size, and wherein the method further comprises writing additional data to the first slice, without further encrypting the allocation metadata for the first slice, in response to a set of additional write requests that do not cause a total amount of data written to the first slice to exceed the size of the first slice. 
     
     
       15. The computer program product of  claim 13 , wherein the method further comprises writing a set of data to the first slice without encrypting the set of data. 
     
     
       16. The computer program product of  claim 13 , wherein creating the allocation metadata includes providing the allocation metadata redundantly in multiple respective locations in the storage system. 
     
     
       17. The computer program product of  claim 16 , wherein protecting the data stored in the plurality of slices includes encrypting the allocation metadata at each of the respective locations. 
     
     
       18. The computer program product of  claim 12 , wherein protecting the data stored in the plurality of slices includes encrypting allocation metadata for each of the plurality of slices upon first writes that cause the respective slices to be allocated but not upon subsequent writes to already-allocated slices.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.